You are here

Employee and locum details in Well data leak up to seven years old

Well: We have contacted the majority of affected data subjects by email or post

Some of the details of employees and locums accidentally leaked via email by Well Pharmacy in December may be up to seven years old, the multiple has told C+D.

In December, a document – which included names, addresses, phone numbers, email addresses and some payroll numbers of 24,099 employees and locums – was sent as an email attachment to an undisclosed number of Well locums.

C+D readers have flagged they have been contacted by Well to inform them that some of their data was included in the emailed document, despite not having worked for the multiple for more than five years in some cases.

Chris Ellett, Well transformation director and senior information risk owner, told C+D yesterday (February 5) the multiple is required to retain data “for a variety of regulatory purposes, the main one being HM Revenue and Customs, who require us to keep records for seven years”.

“We are analysing the data in [our system] to identify records that are older than that, for locums who would consider themselves dormant, and will take appropriate steps for the records we find,” Mr Ellett said.

Well “continuing to work with ICO”

Well has contacted the “majority of affected data subjects” by email or post, and will “continue to make further attempts where mail has been returned to sender”, Mr Ellett said.

The multiple has taken steps to reduce the risk of another, similar incident occurring, he added.

“Well Pharmacy continues to work with the Information Commissioner’s Office (ICO) in respect of the breach, and have been completely transparent about the findings of our investigation.

Ghengis Pharm, Locum pharmacist

Leon The Apothecary, Student

Posted on Sat, 09/02/2019 - 12:55

I wonder if the Australian lottery company has gotten in touch with them yet, I'm sure they are eager to buy.

This shows another level of incompetence in the company, a level that many of us in the know would echo in our opinion. A lack of structure, coordination, and corporate competition for the top salaries leave me personally wondering if they remember why pharmacies exist in the first place?

Rachael Clarke, Superintendent Pharmacist

Posted on Fri, 08/02/2019 - 10:01

As the Superintendent for the newly formed Co-op Health (part of Co-op Group) and having previously been employed by both The Co-operative Pharmacy (the trading name of Well when it was part of The Co-operative Group before the pharmacy business was sold to Bestway) and Well, I would like to clarify that Well and Co-op are entirely separate organisations and do not share any ongoing trading relationship. This article is discussing a data breach by Well.

C A, Community pharmacist

Richard Binns, Primary care pharmacist

Posted on Fri, 08/02/2019 - 11:20

I would argue that my data that has been unlawfully released was in relation to my activities working for 'Co-op' Pharmacy, I have never undertaken any work for Well Pharmacy. The previous co-op group who where responsible for the handling of my sensitive data (from 2008) are responsible for placing that data in the hands of Well pharmacy who have commited the breach.

While I accept your statement highlighting that you are a different co-operative group from the organisation responsible for the handling of my data, I am sure the ICO is also capable of making that distinction before passing judgment.

I cannot see any direct reference towards your group in any of the comments on here

Garry Sykes, Industrial pharmacist

Graham Turner, Non Pharmacist Branch Manager

Posted on Thu, 07/02/2019 - 15:38

Over 24000 people's details is an absolute disgrace, they should be MASSIVELY fined by the information commissioner for this. A suitable fine might convince other pharmacy chains (no guessing who I'm talking about here) to update their hardware and hopefully prevent this from happening again, rather than "just hoping it doesn't" and not spending any money.

A harsh financial penalty is probably the only thing that some of these chains will pay attention to.

Ben Merriman, Community pharmacist

Ashley Cohen, Community pharmacist

Posted on Wed, 06/02/2019 - 17:02

I have not worked for the Co-op for over 14 years, yet I received a letter saying my data was compromised about the breach of information. Come on Well / C&D come clean as to the scale, size of this breach.

C A, Community pharmacist

Graham Turner, Non Pharmacist Branch Manager

Posted on Fri, 08/02/2019 - 21:31

You should know very well by now, that the GPhC only goes after individual pharmacists, because they are easy pickings. They will not touch the big multiples no matter what they do, because they are scared of the amount of work and the fact that they may get shown up by a corporate legal team. I would also not be surprised if they have some kind of clandestine realtionship, it certainly would explain a lot.